You have a Microsoft Entra tenant.
The tenant contains an Azure Data Lake Storage Gen2 account named storage1 that has two containers named fs1 and fs2.
You have a Microsoft Entra group named DepartmentA.
You need to meet the following requirements:
• DepartmentA must be able to read, write, and list all the files in fs1.
• DepartmentA must be prevented from accessing any files in fs2.
• The solution must use the principle of least privilege.
Which role should you assign to DepartmentA?
Storage Blob Data Contributor for fs1 grants the permissions needed for DepartmentA to read, write, and list all the files in fs1, while ensuring that they do not have access to any files in fs2. This adheres to the principle of least privilege by restricting permissions to only the necessary container.
correct! Storage Blob Data Contributor for fs1: This role grants the necessary read, write, and list permissions on fs1 only, adhering to the principle of least privilege and preventing access to fs2
I think A.